To deploy a ransomware attack, adversaries must first gain access to a victim’s corporate environment, devices, and data. Threat actors typically use two main approaches to gain entry: logging in using compromised credentials, i.e., legitimate access data that had previously been stolen, and exploiting vulnerabilities in applications and tools used by the business. Other less common modes of entry include brute force attacks, supply chain compromise, malicious emails/documents, and adware. Phishing features heavily in ransomware attacks but is primarily used to steal the credentials later used to log in to the organization.
